Repository files navigation

Threat Modeling with ATT&CK defines how to integrate MITRE ATT&CK® into yourorganization’s existing threat modeling methodology. This process is intended foruniversal application to any system or technology stack (large or small) using anyexisting threat modeling methodology like STRIDE, PASTA, or Attack Trees. To demonstrateits use and applicability to a wide audience of cybersecurity practitioners, we applythis process to a fictional internet-of-things (IOT) system called the Ankle MonitoringPredictor of Stroke (AMPS).

Table Of Contents:

• Getting Started
• Getting Involved
• Questions and Feedback
• Notice

Go to the project website to learn all about the Threat Modeling with ATT&CK process,including detailed steps for applying the process and comprehensive examples based.

There are several ways that you can get involved with this project and helpadvance threat-informed defense:

• Read the Threat Modeling process. Read the detailed process defined by thisproject and learn how to apply it by following through the realistic examples.
• Apply Threat Modeling to your own projects. Put the project into action by usingit to conduct your next threat modeling exercise.
• Spread the word. Provide feedback to us regarding the usefulness of the projectand share the word with your peers and colleagues in the industry.

Please submitissues onGitHubfor any technical questions or requests. You may also contactctid@mitre.orgdirectly for more general inquiries about the Center for Threat-Informed Defense.

We welcome your contributions to help advance Threat Modeling with ATT&CK in the form ofpullrequests.Please review thecontributornoticebefore making a pull request.

© 2024 MITRE. Approved for public release. Document number(s) CT0122.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use thisfile except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed underthe License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANYKIND, either express or implied. See the License for the specific language governingpermissions and limitations under the License.